U.K. Digital Markets Competition and Consumer Bill Sets Out New Regime to Regulate Big Tech

May 22, 2023 Advisory


The U.K. Government’s much-awaited Digital Markets, Competition and Consumer Bill (DMCC Bill) was published on 25 April 2023 and sets out far-reaching proposals to establish a new ex ante regulatory regime for digital markets. The new system, which provides substantial fines for non-compliance, really means business and is likely to transform the regulation of “Big Tech” in the U.K.

What does the DMCC Bill mean for the regulation of digital markets in the U.K., and how does it compare with its equivalent EU legislation, the Digital Markets Act?

Regulation of Digital Markets

The flagship proposal in the DMCC Bill is the establishment of the new regulatory regime for digital markets. It will have a widespread impact on how digital markets are regulated in the U.K., and will sit alongside and not replace competition law enforcement in this sector. It will be for the Competition and Markets Authority (CMA) to decide whether to regulate certain behaviour or conduct under its new digital market functions or competition law.

Strategic Market Status

The Digital Markets regime provides that the CMA may designate undertakings having a powerful market position in any digital activity in the UK as undertakings having Strategic Market Status (SMS) (together Designated Undertakings). To do so, the CMA must serve a notice on the undertaking concerned containing relevant details of the digital activity to be covered and its reasons for proposing the designation. The SMS investigation must also seek views of the undertaking and those of the public. At the end of the SMS investigation, which must last no longer than nine months, the CMA must publish a notice deciding whether to designate or not. Any designation lasts for five years.

Undertakings which can be designated as having SMS status under the DMCC Bill are defined as follows:

  1. Digital Activities: Undertakings must provide digital activities linked to the U.K. The definition of digital activities is extremely broad and encompasses any services or digital content provided over the internet or an electronic communications network. The link to the U.K. is satisfied if the undertaking, whether established in the U.K. or not, has a significant number of U.K. users or carries on digital activities in, or which have an immediate and substantial effect on, the U.K.; and
  2. Satisfy the SMS Conditions: The undertaking must enjoy substantial and entrenched market power and hold a position of strategic significance in connection with a digital activity; and
  3. Turnover Condition: The CMA cannot designate an undertaking with SMS unless the undertaking or the group to which it belongs has a worldwide turnover of at least £25 billion and a U.K. group turnover of at least £1 billion.

The CMA has considerable discretion under the legislation to decide which undertakings can be designated in light of the above criteria, which makes the regime more manageable. In contrast, the EU, which oversees a similar digital markets regime under its Digital Markets Act, designates digital “gatekeepers” automatically based on certain turnover thresholds. There is a danger that the EU approach will create a regulatory monster which it does not have adequate resources to police effectively.

Conduct Requirements

The CMA may impose certain conduct requirements upon Designated Undertakings. It can decide to impose one or more relevant conduct requirements as defined in the DMCC Bill. The CMA can tailor the conduct requirements imposed on each Designated Undertaking to its individual business and circumstances. In contrast, the EU system for regulating the behaviour of “gatekeepers” is based on a “one-size-fits-all” approach enforcing a series of standard obligations and prohibitions.

Clauses 20(2) and 20(3) of the DMCC Bill set out a series of high-level categories of obligations or prohibitions to which the individual conduct requirements must relate. Clause 20(2) provides that conduct requirements can cover obligations relating to trading on fair and reasonable terms, having effective complaint handling processes, providing accurate and clear information, providing adequate notice of changes to terms and conditions, and allowing users to change default settings. Clause 20(3) provides a list of prohibited behaviour around which individual requirements may be crafted, including preventing Designated Undertakings from:

  • applying discriminatory terms, conditions or policies
  • self-preferencing (including access to data)
  • leveraging market power
  • tying undertakings products or services or digital content
  • restricting interoperability or use of digital activity or other undertakings’ products
  • using data unfairly

To impose a conduct requirement, the CMA must send the undertaking concerned a notice setting out the conduct requirement to be imposed and its reasoning, as well as stating when it will come into force and its duration. The conduct requirement process is again subject to a consultation process.

Breach of Conduct Requirements

If the CMA has reasonable grounds to suspect that a Designated Undertaking has breached a conduct requirement, the CMA must give notice via a Breach Investigation to the Designated Undertaking stating the conduct requirement breached and details of the case against it, the anticipated length of the investigation and possible outcomes. A breach inquiry must last no longer than six months. The Designated Undertaking can make representations.

The CMA can close the investigation without a decision if it believes there is no breach or if the behaviour concerned would give rise to benefits to users which outweigh its detrimental effect on competition (rather like an exemption procedure under Section 9 Competition Act 1998). Alternatively, the CMA can accept, at any time, commitments from the Designated Undertaking to remedy the breach. At the conclusion of the Breach Investigation, the CMA must publish its findings via a Breach Decision and state whether there has been a breach and its reasoning.

Following a Breach Decision, the CMA can issue an enforcement notice stating the measures necessary to stop the breach and prevent it from recurring. Like interim measures powers under competition law, the CMA may also issue Initial Enforcement Orders during a Breach Investigation to prevent significant damage to persons, to ensure the effectiveness of remedies, or to protect the public interest.

Pro-Competitive Interventions (PCI)

The DMCC Bill introduces a sort of “Market Investigation Lite” procedure designed to deliver fast remedies to digital markets where factors in a particular digital market are having an adverse effect on competition. These are called Pro-Competitive Interventions (PCI). The CMA may make a PCI following a PCI investigation. PCI investigations are started by notice from the CMA to the undertakings concerned stating the factors it considers are present to justify an investigation. The PCI investigation must last no longer than four months and the CMA must publicly consult before making a PCI. A PCI may take the form of one or both of the following:

  • an order imposed on a Designated Undertaking relating to its conduct in relation to a specified digital activity; and/or
  • recommendations to the U.K. Government or a public body about appropriate steps to be taken in respect of a Designated Undertaking or digital activity.

The CMA has the power to accept commitments as to their future conduct from Designated Undertakings at any time during a PCI Investigation.

Duty to Notify Mergers

Designated Undertakings and/or their corporate groups (also known as a Designated Undertakings Group) have a duty to report qualifying transactions to the CMA before the event takes place. Qualifying Transactions are those under which a Designated Undertaking Group acquires shares or voting rights in a U.K.-connected body corporate (which carries on activities in the U.K.) of more than 15%, 25% or 50%, and where the consideration is at least £25 million. Special rules exist for joint ventures, under which the acquisition of 15% or more of shares or voting rights is covered by the notification requirements provided the value threshold is also exceeded.

Upon receipt of a report by a Designated Undertaking Group, the CMA has five working days to confirm it has all the details relating to the transaction it needs. Once that confirmation has been received, the Designated Undertaking or its corporate group must not allow the event to take place until a further period of five working days has elapsed. This waiting period is designed to allow the CMA to decide whether it wishes to call in a particular merger for review under the merger control provisions of the Enterprise Act 2002. This procedure is designed to improve transparency about Big Tech’s acquisitions and to allow the CMA to regulate them effectively. In the past, the CMA and the EU Commission have been criticized for allowing potentially anti-competitive digital mergers to slip through the regulatory net.

Penalties and Appeals for Breach 

What marks the Digital Markets Regime out from other forms of sectoral regulation are the heavy competition law style damages that can be imposed by the CMA on Designated Undertakings in the course of carrying out its digital functions. This is a regime with teeth and technology companies should take it seriously.

The CMA may impose penalties of up to 10% of worldwide group turnover or 5% of daily worldwide group turnover by way of periodic penalty where a Designated Undertaking breaches a competition requirement without reasonable excuse. Maximum penalties on individuals are £30,000 for a fixed amount or £15,000 in the case of a daily periodic penalty.

Competition requirements include:

  • breach of a conduct requirement;
  • breach of an enforcement order relating to a conduct investigation;
  • breach of a PCI order; or
  • breach of commitments given by a Designated Undertaking.

In addition, the CMA can also impose a penalty where the Designated Undertakings Group has failed to notify a merger event within the meaning of Chapter 5 of the Bill without reasonable excuse.

The DMCC Bill also provides certain appeal rights to persons affected by the CMA’s decisions in exercise of its digital functions. In relation to CMA decisions, affected parties can apply to the Competition Appeal Tribunal (CAT), but in determining an application, the CAT must apply the judicial review standard. This is a much stricter standard than the full merit appeal standard allowed in Competition Act 1998 cases.

Private Rights of Action

A key piece of the legislation is the wide-ranging rights of private action given to parties which have suffered loss and damage by reason of a breach of a relevant requirement under the DMCC Bill. Any aggrieved person who has suffered loss and damage due to the breach of a relevant requirement by a Designated Undertaking can sue in the courts for damages as a breach of statutory duty. Relevant requirements for the purposes of the legislation are a breach of a conduct requirement, breach of a PCI or breach of commitments. The legislation makes clear that a CMA breach decision taken in exercise of its digital functions is binding upon the courts once any appeal procedure has been exhausted. This legislation is likely to see an explosion of follow-on actions as the CMA’s case law develops. Big Tech companies are going to be particularly exposed to collective proceedings for breach under the DMCC Bill as most of the breach orders are likely to be consumer-related, lending themselves to large-scale class action awards.

CMA Investigative Powers and Penalties

The DMCC Bill provides the CMA with wide powers to exercise its digital functions under the legislation. The CMA has the power to require Designated Undertakings to provide information or to perform a test or demonstration by notice. It can use its powers under Clause 69 to access premises, equipment, services or information or persons to obtain information or to observe Designated Undertakings perform a test if the undertaking in question has not previously complied with an earlier information request. It also has the power to interview relevant persons of a Designated Undertaking. It is also given wide powers to enter premises in a Conduct Breach Investigation with or without warrant.

These powers are backed up by a series of civil penalties which for companies are a maximum fine of up to 1% of worldwide turnover or up to 5% periodic daily rate of group turnover. For individuals, the maximum fines are £30,000 or up to £15,000 periodic daily rate.

The DMCC Bill also provides for several criminal offences in Clauses 91-93 including destroying or falsifying information, providing false or misleading information and obstructing the CMA in an investigation. The maximum penalties here are an unlimited fine or up to two years’ imprisonment. In the event of an offence, the CMA has a choice whether to proceed via imposing civil penalties or applying to the court to impose criminal sanctions. However, the CMA cannot seek civil penalties if a company or individual has been found guilty of a similar criminal offence.


The DMCC Bill is likely to revolutionize the regulation of Big Tech in the U.K. The Bill is far more flexible than its EU counterpart and is likely to lead to faster and more effective decisions for this sector. Backed up by substantial penalties and extensive rights to bring private actions for damages, this is likely to make Big Tech sit up and take notice. If private actions develop like those under the Competition Act 1998, there is going to be a considerable increase in regulatory litigation as a result.
